VXLAN Concepts and Architecture

  • Published 5 Sep 2024
  • VXLAN stands for Virtual Extensible Local Area Network and is similar to VLANs. In this video I will discuss the general concept of VXLAN, the issues with VLANs and how VXLAN has addressed those issues, and then the architectural and technical details of VXLAN.
    VXLAN was developed by Cisco and VMware (RFC 7348, 2014).
    It is an encapsulation or tunneling protocol that provides connectivity between data centers by stretching a layer 2 network over an underlying layer 3 network.
    As a tunneling protocol it creates an overlay network on top of an underlay IP network, so that systems which belong to the same network segment can communicate even when they are located in different geographical locations.
    VXLAN realizes the concept and architecture of software defined networking (SDN). This is related to cloud computing, where servers are virtualized, so it is used by cloud service providers to provide services to multiple tenants.
    VLANs have scalability, isolation, virtualization and automation issues.
    Scalability issues of VLANs:
    VLAN ID = 12 bits (4 000 segments)
    VNI = 24 bits (16 million segments)
    VLANs use the Spanning Tree Protocol to avoid network loops, at the cost of blocking redundant links, whereas VXLAN uses robust IP routing protocols.
    Isolation issues of VLANs: because of the broadcast domain problem, we do not extend the same VLAN across many network devices as it would choke the network; instead we use a routing protocol over the global network. A VLAN therefore cannot operate beyond a local router or gateway, because the ingress frame header from a system, including the VLAN ID, is removed by that switch or router and a new egress frame header is added, so the same VLAN cannot be extended globally. The VXLAN header, by contrast, remains intact inside the overlay tunnel on the underlay IP network, so the same VXLAN segment can extend globally across different data centers, and a server or VM can be part of the same VXLAN segment irrespective of its geographical location.
    Network automation issues: migration of server virtual machines (VMs) across data centers without changing their IP addresses is possible with VXLAN and cannot be achieved with VLANs.
    Virtualization limitations: because of server virtualization a physical switch has to learn multiple VM MAC addresses against the same physical port, which produces a large MAC table. In VXLAN, data plane learning is done through multicast: each VNI is mapped to a multicast group, and BUM traffic (broadcast, unknown unicast and multicast) is sent only to the VTEPs (VXLAN tunnel endpoints) that have joined the multicast group of that VNI.
    Another mechanism is control plane learning using head-end replication, through which information about VTEPs and VM MAC addresses is shared.
    The underlay IP network can be changed without impacting the overlay network.
    Each VM has one or more vNICs (virtual network interface cards), and each vNIC is associated with a VNI (VXLAN network identifier), which is just like a VLAN ID. The VNI in turn belongs to a VTEP (virtual tunnel endpoint), a special logical interface on a physical or logical switch.
    The relationship between VNI and VTEP is many-to-many.
    The VTEP acts as the interface between the overlay VXLAN network and the underlay IP network.
    Each VTEP is also connected point to point with all other VTEPs globally, using VXLAN overlay tunnels on the underlay IP network.
    When traffic has to travel between two VMs that are in different global locations but belong to the same VXLAN segment, the local VM sends it through its vNIC, which is associated with the VNI, and the vNIC forwards it to the local VTEP. The VTEP takes the original frame as payload and encapsulates it in VXLAN by adding a VXLAN header, an outer IP header carrying the source and destination VTEP IP addresses, and a UDP header; the UDP datagram uses destination port 4789. The VTEP then forwards this packet over the overlay network, using UDP on the underlay IP network as transport.
    The underlay IP network routes the VXLAN packet to the destination VTEP.
    The destination VTEP removes the VXLAN header and forwards the original frame to the VM or vNIC associated with the same VNI.
    A VTEP forwards BUM traffic of a VNI only to the VTEPs associated with the same VNI, i.e. the same multicast group.
    The VXLAN header is 64 bits: 8 bits of flags, 24 reserved bits, the 24-bit VNI, and 8 more reserved bits.
    Because of the additional outer headers added by the VTEP (the VXLAN header, the UDP header and the outer IP and Ethernet headers) there is a network overhead of around 50 bytes, so you have to allow jumbo frames on the underlay IP network. Overall this VTEP architecture is like a leaf and spine architecture.
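    The encapsulation and decapsulation steps above, as an added example that is not part of the video or of any vendor's code: it builds the 8-byte VXLAN header (flags, reserved, VNI, reserved), wraps a constructed inner Ethernet frame in outer Ethernet, IPv4 and UDP/4789 headers the way a source VTEP would, and unwraps it again as the destination VTEP. The VTEP addresses, MAC addresses and payload are constructed placeholders, and the fixed UDP source port is a simplification.

```python
import struct
import ipaddress
VXLAN_UDP_PORT = 4789   # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid (RFC 7348)

def build_vxlan_header(vni):
    """8-byte VXLAN header: 8-bit flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"

def parse_vxlan_header(hdr):
    """Return the VNI, rejecting headers that are too short or lack the I flag."""
    if len(hdr) < 8 or not hdr[0] & VXLAN_FLAG_I:
        raise ValueError("not a valid VXLAN header")
    return int.from_bytes(hdr[4:7], "big")

def ipv4_checksum(hdr):
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner_frame, vni, src_vtep, dst_vtep):
    """Source VTEP: wrap an Ethernet frame in outer Ethernet + IPv4 + UDP/4789 + VXLAN."""
    vxlan = build_vxlan_header(vni)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # Real VTEPs hash the inner frame into the source port (for ECMP); fixed here for clarity.
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 is allowed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_vtep).packed,
                     ipaddress.IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Outer MACs are constructed placeholders (VTEP NIC and next-hop router), EtherType IPv4.
    outer_eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return outer_eth + ip + udp + vxlan + inner_frame

def decapsulate(packet):
    """Destination VTEP: strip the outer headers and return (VNI, original frame)."""
    udp_off = 14 + (packet[14] & 0x0F) * 4
    dst_port = struct.unpack("!H", packet[udp_off + 2:udp_off + 4])[0]
    if packet[23] != 17 or dst_port != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN-over-UDP packet")
    vx = udp_off + 8
    return parse_vxlan_header(packet[vx:vx + 8]), packet[vx + 8:]

# Constructed inner frame: VM destination MAC, VM source MAC, EtherType IPv4, short payload.
INNER_FRAME = bytes.fromhex("0a0000000002" "0a0000000001" "0800") + b"constructed payload"
```

The difference between the encapsulated packet and the inner frame is exactly the 50 bytes of overhead (14 + 20 + 8 + 8) that make jumbo frames necessary on the underlay.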
    en.wikipedia.o...
    juniper.net/us/en/research-topics/what-is-vxlan.html#:~:text=VXLAN%20is%20an%20encapsulation%20protocol,the%20use%20of%20virtual%20networks.
    support.huawei...
